aboutsummaryrefslogtreecommitdiffstats
path: root/src/common/dragonfly.c
diff options
context:
space:
mode:
authorJouni Malinen <jouni@codeaurora.org>2019-04-26 14:33:44 (GMT)
committerJouni Malinen <j@w1.fi>2019-04-26 14:33:44 (GMT)
commit73338db029de6ef3accc019ae0479c618c967ad5 (patch)
tree9b6b29ad39ba77daf406419f717f34b185c8a574 /src/common/dragonfly.c
parentc3805fb62318741debf55ecb1a6ce9e4e60ae38d (diff)
downloadhostap-73338db029de6ef3accc019ae0479c618c967ad5.zip
hostap-73338db029de6ef3accc019ae0479c618c967ad5.tar.gz
hostap-73338db029de6ef3accc019ae0479c618c967ad5.tar.bz2
Share common SAE and EAP-pwd functionality: own scalar generation
Use a shared helper function for deriving rand, mask, and own scalar. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Diffstat (limited to 'src/common/dragonfly.c')
-rw-r--r--src/common/dragonfly.c36
1 files changed, 36 insertions, 0 deletions
diff --git a/src/common/dragonfly.c b/src/common/dragonfly.c
index f6ecf43..10d968a 100644
--- a/src/common/dragonfly.c
+++ b/src/common/dragonfly.c
@@ -154,3 +154,39 @@ fail:
crypto_bignum_deinit(qr_or_qnr, 1);
return res;
}
+
+
+static int dragonfly_get_rand_2_to_r_1(struct crypto_bignum *val,
+ const struct crypto_bignum *order)
+{
+ return crypto_bignum_rand(val, order) == 0 &&
+ !crypto_bignum_is_zero(val) &&
+ !crypto_bignum_is_one(val);
+}
+
+
+int dragonfly_generate_scalar(const struct crypto_bignum *order,
+ struct crypto_bignum *_rand,
+ struct crypto_bignum *_mask,
+ struct crypto_bignum *scalar)
+{
+ int count;
+
+ /* Select two random values rand,mask such that 1 < rand,mask < r and
+ * rand + mask mod r > 1. */
+ for (count = 0; count < 100; count++) {
+ if (dragonfly_get_rand_2_to_r_1(_rand, order) &&
+ dragonfly_get_rand_2_to_r_1(_mask, order) &&
+ crypto_bignum_add(_rand, _mask, scalar) == 0 &&
+ crypto_bignum_mod(scalar, order, scalar) == 0 &&
+ !crypto_bignum_is_zero(scalar) &&
+ !crypto_bignum_is_one(scalar))
+ return 0;
+ }
+
+ /* This should not be reachable in practice if the random number
+ * generation is working. */
+ wpa_printf(MSG_INFO,
+ "dragonfly: Unable to get randomness for own scalar");
+ return -1;
+}